Tool Qualification

Certifying software in safety-critical applications is a tremendous undertaking for any team. Using Parasoft C/C++test saves time because it can manage unit and integration tests, gather and track low-level code coverage, analyze code against industry-relevant static coding standards, and provide detailed reports and dashboards. The use of tools does save time and provide greater accuracy, but it also means that the tools themselves need to be qualified for their intended use. Compilers that build the code and testing tools that check for compliance must provide evidence that they perform correctly in a given environment during the certification process.

The Parasoft tool suite has an available qualification kit that meets the requirements of ISO 26262 on classification and qualification of software tools, as well as the requirements of IEC 61508, DO-178B/C, DO-330, ED-12B/C, and EN 50128. When using C/C++test for functional-safety-sensitive software, Parasoft’s qualification kit provides a functional safety distribution package, which extends the C/C++test distribution files with additional items:

Enumeration of platforms, environments, and functionalities that are covered by the package

A list of known unresolved functional safety relevant defects found during the C/C++test validation and verification procedure

Customers who subscribe to the functional safety distribution package are notified instantly of any changes to the content of the package (including both software and documentation).

Static Code Analysis

Static code analysis serves several purposes in ensuring that functional safety software is safe and reliable. Static analysis can find software weaknesses that affect the accuracy and consistency of the code, such as stack errors, variable overflows, missing exception handling, uninitialized variables, etc. For compliance, static analysis starts with coding standards that embody the best practices required by the specific industry guidelines. Where specific industry guidelines don't exist, organizations often look to the MISRA standard as a starting point.

A second role of code analysis is to measure the software against specific metrics and apply thresholds. Safety guidelines require knowing and understanding issues like code complexity, cohesion, and coupling. Values for each metric can be generated and displayed within Parasoft DTP, and thresholds can be set to create violations when that metric exceeds acceptable ranges.

Unit Testing

Functional safety relies on unit tests whose creation and execution can be linked to requirements as well as enable fault injection, boundary value tests, etc. Parasoft’s unit testing automates generation and execution of unit and component level tests. Parasoft automatically generates complete tests, including test drivers and test cases for individual functions. These unit tests can be created purely in code (e.g., C or C++ code). Parasoft’s automation greatly increases the efficiency of testing and the correctness and reliability of code under test.

These tests, with or without modifications, are used for initial validation of the functional behavior of the code. By using corner-case conditions, these automatically generated test cases also check function responses to unexpected inputs, exposing potential reliability problems. This functionality is applicable for creating tests that detect errors which could lead to unacceptable failure conditions, as determined by the system safety assessment process.

Code Coverage

To ensure software is safe and reliable, you must know exactly what code has been tested and what code remains to be tested. Parasoft C/C++test is a multi-metric test coverage analyzer that includes statement, branch, path, and MC/DC (Modified Condition/Decision Coverage) coverage, helping users gauge the efficacy and completeness of the tests, as well as demonstrate compliance with test and validation requirements. The coverage data can be automatically imported into Parasoft DTP, which combines test coverage data from across your testing activities, such as unit, manual, integration, and system-level tests, into a centralized dashboard. Coverage data can be collected and compared against code changes so that critical policies can be enforced, e.g., all new code must have 100% test coverage.
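MC/DC is stricter than branch coverage: every condition in a decision must be shown, on its own, to flip the outcome. The checker below is an added illustration of that distinction (not Parasoft's code or output); the decision `guard`, its condition count and the test vectors are constructed for the example.

```python
from typing import Callable, Dict, Iterable, List, Optional, Tuple

Vector = Tuple[bool, ...]
Decision = Callable[..., bool]


def decision_outcomes(decision: Decision, vectors: Iterable[Vector]) -> Dict[Vector, bool]:
    """Evaluate the decision once per distinct test vector."""
    return {v: bool(decision(*v)) for v in vectors}


def branch_covered(decision: Decision, vectors: Iterable[Vector]) -> bool:
    """Branch/decision coverage: the decision has evaluated to both True and False."""
    return set(decision_outcomes(decision, vectors).values()) == {True, False}


def mcdc_independence_pairs(decision: Decision, n_conditions: int,
                            vectors: Iterable[Vector]) -> Dict[int, Optional[Tuple[Vector, Vector]]]:
    """Unique-cause MC/DC: for each condition i, look for two tested vectors that differ
    only in condition i and produce different decision outcomes (an independence pair)."""
    outcomes = decision_outcomes(decision, vectors)
    pairs: Dict[int, Optional[Tuple[Vector, Vector]]] = {}
    for i in range(n_conditions):
        pairs[i] = None
        for v, out in outcomes.items():
            flipped = v[:i] + (not v[i],) + v[i + 1:]
            if flipped in outcomes and outcomes[flipped] != out:
                pairs[i] = (v, flipped)
                break
    return pairs


def uncovered_conditions(decision: Decision, n_conditions: int, vectors: Iterable[Vector]) -> List[int]:
    """Indices of conditions that still lack an independence pair (empty list means MC/DC achieved)."""
    return [i for i, p in mcdc_independence_pairs(decision, n_conditions, vectors).items() if p is None]


# Constructed decision under test: an interlock that needs `armed` plus either sensor.
def guard(armed: bool, sensor_a: bool, sensor_b: bool) -> bool:
    return armed and (sensor_a or sensor_b)


# Constructed test vectors: two vectors reach both branches but show nothing about
# individual conditions; four well-chosen vectors (n+1) achieve MC/DC for three conditions.
BRANCH_ONLY = [(True, True, True), (False, False, False)]
MCDC_SET = [(True, True, False), (False, True, False), (True, False, False), (True, False, True)]

if __name__ == "__main__":
    for name, vecs in (("branch-only", BRANCH_ONLY), ("mcdc-set", MCDC_SET)):
        print(name, "branch:", branch_covered(guard, vecs),
              "uncovered conditions:", uncovered_conditions(guard, 3, vecs))
```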

Requirements and Traceability

Traceability between requirements and tests is critical to demonstrate verification for functional safety. With Parasoft DTP, you can associate both tests and code with requirements, giving you full test traceability of the requirements (static analysis violations, peer reviews, test results, and code coverage), thereby providing complete visibility into how well the requirement has been tested.
